package com.neuedu.his.controller;

import com.neuedu.his.common.UserTypeConstants;
import com.neuedu.his.po.User;
import com.neuedu.his.service.UserService;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

import java.util.List;
import java.util.Map;

@RestController
@RequestMapping("/user")
public class UserController {

    @Autowired
    private UserService userService;

    @GetMapping("/list")
    public ResponseEntity<?> getUserList(HttpServletRequest request) {
        User user = (User) request.getSession().getAttribute("user");
        if (user == null || !UserTypeConstants.ADMIN.equals(String.valueOf(user.getUseType()))) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN)
                    .body(Map.of("message", "只有管理员可以访问该功能", "success", false));
        }
        List<User> users = userService.findUsersByRealName(""); // 获取所有用户
        return ResponseEntity.ok(Map.of("message", "查询成功", "success", true, "users", users));
    }

    @PostMapping("/register")
    public ResponseEntity<?> register(@RequestBody User user) {
        if (userService.register(user)) {
            return ResponseEntity.ok(Map.of("message", "注册成功", "success", true));
        }
        return ResponseEntity.badRequest().body(Map.of("message", "注册失败", "success", false));
    }

    @PostMapping("/login")
    public ResponseEntity<?> login(@RequestParam String userName,
                                   @RequestParam String password,
                                   HttpServletRequest request) {
        User user = userService.login(userName, password);
        if (user != null) {
            HttpSession session = request.getSession();
            session.setAttribute("user", user);
            return ResponseEntity.ok(Map.of(
                    "message", "登录成功",
                    "user", user,
                    "success", true
            ));
        }
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                .body(Map.of("message", "用户名或密码错误", "success", false));
    }

    @GetMapping("/adminFunction")
    public ResponseEntity<?> adminFunction(HttpServletRequest request) {
        User user = (User) request.getSession().getAttribute("user");
        if (user == null || !UserTypeConstants.ADMIN.equals(String.valueOf(user.getUseType()))) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN)
                    .body(Map.of("message", "只有管理员可以访问该功能", "success", false));
        }
        return ResponseEntity.ok(Map.of(
                "message", "这是只有管理员可以访问的功能",
                "success", true
        ));
    }

    @GetMapping("/userFunction")
    public ResponseEntity<?> userFunction(HttpServletRequest request) {
        User user = (User) request.getSession().getAttribute("user");
        if (user == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                    .body(Map.of("message", "请先登录", "success", false));
        }
        return ResponseEntity.ok(Map.of(
                "message", "这是普通用户可以访问的功能",
                "success", true
        ));
    }

    @GetMapping("/logout")
    public ResponseEntity<?> logout(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        return ResponseEntity.ok(Map.of("message", "登出成功", "success", true));
    }

    @GetMapping("/search")
    public ResponseEntity<?> searchUsers(@RequestParam(required = false) String realName,
                                         HttpServletRequest request) {
//        User user = (User) request.getSession().getAttribute("user");
//        // 修正了此处的语法错误，移除了多余的括号
//        if (user == null || !UserTypeConstants.ADMIN.equals(String.valueOf(user.getUseType()))) {
//            return ResponseEntity.status(HttpStatus.FORBIDDEN)
//                    .body(Map.of("message", "只有管理员可以访问该功能", "success", false));
//        }

        // 确保查询条件处理正确
        if (realName == null || realName.trim().isEmpty()) {
            realName = ""; // 处理空查询条件
        }

        List<User> users = userService.findUsersByRealName(realName);
        return ResponseEntity.ok(Map.of("message", "查询成功", "success", true, "users", users));
    }

    @PostMapping("/delete")
    public ResponseEntity<?> deleteUser(@RequestBody Map<String, Integer> params, HttpServletRequest request) {
        User user = (User) request.getSession().getAttribute("user");
        if (user == null || !UserTypeConstants.ADMIN.equals(String.valueOf(user.getUseType()))) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN)
                    .body(Map.of("message", "只有管理员可以访问该功能", "success", false));
        }
        Integer id = params.get("id");
        if (id == null) {
            return ResponseEntity.badRequest().body(Map.of("message", "缺少用户ID", "success", false));
        }
        if (userService.deleteUserById(id)) {
            return ResponseEntity.ok(Map.of("message", "删除成功", "success", true));
        }
        return ResponseEntity.badRequest().body(Map.of("message", "删除失败", "success", false));
    }

    @PostMapping("/update")
    public ResponseEntity<?> updateUser(@RequestBody User user, HttpServletRequest request) {
        User currentUser = (User) request.getSession().getAttribute("user");
        if (currentUser == null || !UserTypeConstants.ADMIN.equals(String.valueOf(currentUser.getUseType()))) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN)
                    .body(Map.of("message", "只有管理员可以访问该功能", "success", false));
        }
        if (userService.updateUser(user)) {
            return ResponseEntity.ok(Map.of("message", "修改成功", "success", true));
        }
        return ResponseEntity.badRequest().body(Map.of("message", "修改失败", "success", false));
    }

    @PostMapping("/add")
    public ResponseEntity<?> addUser(@RequestBody User user, HttpServletRequest request) {
        User currentUser = (User) request.getSession().getAttribute("user");
        if (currentUser == null || !UserTypeConstants.ADMIN.equals(String.valueOf(currentUser.getUseType()))) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN)
                    .body(Map.of("message", "只有管理员可以访问该功能", "success", false));
        }
        if (userService.register(user)) {
            return ResponseEntity.ok(Map.of("message", "添加成功", "success", true));
        }
        return ResponseEntity.badRequest().body(Map.of("message", "添加失败", "success", false));
    }
}